53 lines
1.1 KiB
Nix
53 lines
1.1 KiB
Nix
{
|
|
config,
|
|
inputs,
|
|
lib,
|
|
...
|
|
}:
|
|
|
|
with lib;
|
|
|
|
let
|
|
cfg = homelab.services.${service};
|
|
homelab = config.homelab;
|
|
service = "vaultwarden";
|
|
in
|
|
{
|
|
options.homelab.services.${service} = {
|
|
enable = mkEnableOption "Enable ${service}";
|
|
|
|
url = mkOption {
|
|
default = "${service}.${homelab.domain}";
|
|
type = types.str;
|
|
};
|
|
};
|
|
|
|
config = mkIf cfg.enable {
|
|
services = {
|
|
${service} = {
|
|
enable = true;
|
|
|
|
environmentFile = config.age.secrets.vaultwarden-env.path;
|
|
|
|
config = {
|
|
DOMAIN = "https://${cfg.url}";
|
|
ROCKET_ADDRESS = "127.0.0.1";
|
|
ROCKET_PORT = homelab.ports.${service};
|
|
SIGNUPS_ALLOWED = false;
|
|
};
|
|
};
|
|
|
|
nginx.virtualHosts.${cfg.url} = {
|
|
forceSSL = true;
|
|
useACMEHost = homelab.domain;
|
|
|
|
locations."/" = {
|
|
proxyPass = "http://localhost:${toString config.services.${service}.config.ROCKET_PORT}";
|
|
recommendedProxySettings = true;
|
|
};
|
|
};
|
|
};
|
|
|
|
age.secrets.vaultwarden-env.file = "${inputs.self}/secrets/vaultwarden-env.age";
|
|
};
|
|
}
|